package integration.rbacapi.api.v1;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import io.confluent.rbacapi.entities.MdsScope;
import io.confluent.rbacapi.entities.ScopeRoleBindingMapping;
import io.confluent.rbacapi.retrofit.v1.V1RbacRestApi;
import io.confluent.rbacapi.retrofit.v1.V1RbacRetrofitFactory;
import io.confluent.rbacapi.utils.ClusterType;
import io.confluent.security.authorizer.ResourcePattern;
import io.confluent.security.authorizer.Scope;
import io.confluent.security.test.utils.RbacClusters;
import io.confluent.testing.ldap.client.ExampleComLdapCrud;
import io.confluent.testing.ldap.client.LdapCrud;
import io.confluent.testing.ldap.server.LdapServer;
import java.net.ConnectException;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.kafka.common.resource.PatternType;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.apache.kafka.common.utils.Utils;
import org.awaitility.Awaitility;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;
import retrofit2.Call;
import retrofit2.Response;
import utils.KafkaConfigTool;
import utils.MdsTestUtil;

@Test(groups = {"classParallelTests"})
/* loaded from: input_file:integration/rbacapi/api/v1/LookupTest.class */
public class LookupTest {
    public static final String GROUP_TYPE = "Group";
    public static final String USER_MDS_ADMINISTRATOR = "mdsUserAdministrator";
    public static final String USER_SR_ADMINISTRATOR = "schemaRegUserAdministrator";
    public static final String USER_ADMINISTRATOR = "administrator";
    public static final String USER_SECURITY_ADMIN = "sec_admin";
    public static final String GROUP_ADMINS = "admins";
    public static final String USER_ADMINISTRATOR_IN_GROUP = "administrator_in_group";
    public static final String USER_BILLING_RESOURCE_OWNER = "billing_resource_owner";
    public static final String USER_INVESTING_RESOURCE_OWNER = "investing_resource_owner";
    public static final String GROUP_INVESTING_DEVS = "investing_devs";
    public static final String USER_INVESTING_DEVELOPER = "investing_developer";
    public static final String GROUP_PAYROLL_DEVS = "payroll_devs";
    public static final String USER_PAYROLL_DEVELOPER = "payroll_developer";
    public static final String USER_INVESTING_PAYROLL_DEVELOPER = "investing_payroll_developer";
    public static final String USER_NO_ROLE = "no_role_user";
    public static final String USER_SPECIAL_DEVELOPER = "special_developer";
    public static final String USER_INVESTING_SPECIAL_DEVELOPER = "investing_special_developer";
    private static final String BROKER_USER = "kafka";
    private static final Scope EXTERNAL_KAFKA_CLUSTER_SCOPE = newScope("kafka1").build();
    private static final Scope EXTERNAL_KSQL_CLUSTER_SCOPE = newScope("kafka1").withCluster("ksql-cluster", "ksql1").build();
    private static final Scope EXTERNAL_CONNECT_CLUSTER_SCOPE = newScope("kafka1").withCluster("connect-cluster", "connect1").build();
    private static final Scope EXTERNAL_SR_CLUSTER_SCOPE = newScope("kafka1").withCluster("schema-registry-cluster", "sr1").build();
    private static LdapServer ldapServer;
    private static LdapCrud ldapCrud;
    private static RbacClusters rbacClusters;
    private static int actualMdsPort;
    private static V1RbacRestApi userAdminRbacRestApi;

    @BeforeClass
    public static void setupClass() throws Exception {
        ldapServer = LdapServer.defaultServerNoUsers().start();
        int actualPort = ldapServer.actualPort();
        ldapCrud = new ExampleComLdapCrud(actualPort);
        rbacClusters = new RbacClusters(KafkaConfigTool.justLDAP(actualPort, "kafka"));
        actualMdsPort = MdsTestUtil.lookupActualMdsPort(rbacClusters);
        userAdminRbacRestApi = setupUsersAndGroups(rbacClusters);
        Awaitility.given().ignoreException(ConnectException.class).await().atMost(30L, TimeUnit.SECONDS).until(() -> {
            return Boolean.valueOf(userAdminRbacRestApi.getRoleNames().execute().isSuccessful());
        });
    }

    @AfterClass
    public static void teardownClass() {
        ldapServer.stop();
        rbacClusters.shutdown();
        MdsTestUtil.releasePort(actualMdsPort);
    }

    private static String userPrincipalName(String str) {
        return new KafkaPrincipal("User", str).toString();
    }

    private static String groupPrincipalName(String str) {
        return new KafkaPrincipal("Group", str).toString();
    }

    private static Scope.Builder newScope(String str) {
        return new Scope.Builder(new String[0]).withKafkaCluster(str);
    }

    public static V1RbacRestApi setupUsersAndGroups(RbacClusters rbacClusters2) throws Exception {
        ldapCrud.createUsers(Arrays.asList(USER_MDS_ADMINISTRATOR, "administrator", "administrator_in_group", USER_SR_ADMINISTRATOR, "kafka", USER_SECURITY_ADMIN, USER_INVESTING_RESOURCE_OWNER, USER_BILLING_RESOURCE_OWNER, "investing_developer", "payroll_developer", "investing_payroll_developer", "special_developer", "investing_special_developer", USER_NO_ROLE));
        ldapCrud.createGroups(Arrays.asList("admins", "investing_devs", "payroll_devs"));
        ldapCrud.groupUsers("admins", new String[]{"administrator_in_group"});
        ldapCrud.groupUsers("investing_devs", new String[]{"investing_developer", "investing_payroll_developer", "investing_special_developer"});
        ldapCrud.groupUsers("payroll_devs", new String[]{"payroll_developer", "investing_payroll_developer"});
        rbacClusters2.assignRole("User", USER_MDS_ADMINISTRATOR, "UserAdmin", Scope.kafkaClusterScope(rbacClusters2.metadataClusterId()), Collections.emptySet());
        rbacClusters2.assignRole("User", "administrator", "UserAdmin", EXTERNAL_KAFKA_CLUSTER_SCOPE, Collections.emptySet());
        rbacClusters2.assignRole("User", "administrator", "UserAdmin", EXTERNAL_KAFKA_CLUSTER_SCOPE, Collections.emptySet());
        rbacClusters2.assignRole("User", "administrator", "UserAdmin", EXTERNAL_KSQL_CLUSTER_SCOPE, Collections.emptySet());
        rbacClusters2.assignRole("User", "administrator", "UserAdmin", EXTERNAL_CONNECT_CLUSTER_SCOPE, Collections.emptySet());
        rbacClusters2.assignRole("User", "administrator", "UserAdmin", EXTERNAL_SR_CLUSTER_SCOPE, Collections.emptySet());
        rbacClusters2.assignRole("User", USER_SECURITY_ADMIN, "SecurityAdmin", EXTERNAL_KAFKA_CLUSTER_SCOPE, Collections.emptySet());
        rbacClusters2.assignRole("User", USER_SR_ADMINISTRATOR, "UserAdmin", EXTERNAL_SR_CLUSTER_SCOPE, Collections.emptySet());
        V1RbacRestApi build = V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, actualMdsPort, "administrator", "administrator");
        rbacClusters2.assignRole("User", "administrator", "ResourceOwner", EXTERNAL_KAFKA_CLUSTER_SCOPE, Collections.singleton(new ResourcePattern("Topic", "*", PatternType.LITERAL)));
        rbacClusters2.assignRole("Group", "admins", "ResourceOwner", EXTERNAL_KAFKA_CLUSTER_SCOPE, Collections.singleton(new ResourcePattern("Topic", "*", PatternType.LITERAL)));
        rbacClusters2.assignRole("Group", "investing_devs", "DeveloperRead", EXTERNAL_KAFKA_CLUSTER_SCOPE, Collections.singleton(new ResourcePattern("Topic", "investing-", PatternType.PREFIXED)));
        rbacClusters2.assignRole("Group", "investing_devs", "DeveloperRead", EXTERNAL_KSQL_CLUSTER_SCOPE, Collections.singleton(new ResourcePattern("KsqlCluster", "*", PatternType.LITERAL)));
        rbacClusters2.assignRole("Group", "payroll_devs", "DeveloperRead", EXTERNAL_KAFKA_CLUSTER_SCOPE, Collections.singleton(new ResourcePattern("Topic", "payroll-", PatternType.PREFIXED)));
        rbacClusters2.assignRole("Group", "payroll_devs", "DeveloperRead", EXTERNAL_CONNECT_CLUSTER_SCOPE, Collections.singleton(new ResourcePattern("Connector", "*", PatternType.LITERAL)));
        rbacClusters2.assignRole("User", USER_INVESTING_RESOURCE_OWNER, "ResourceOwner", EXTERNAL_KAFKA_CLUSTER_SCOPE, Collections.singleton(new ResourcePattern("Topic", "investing-", PatternType.PREFIXED)));
        rbacClusters2.assignRole("User", USER_BILLING_RESOURCE_OWNER, "ResourceOwner", EXTERNAL_KAFKA_CLUSTER_SCOPE, Collections.singleton(new ResourcePattern("Topic", "billing-", PatternType.PREFIXED)));
        rbacClusters2.assignRole("User", "special_developer", "DeveloperRead", EXTERNAL_KAFKA_CLUSTER_SCOPE, (Set) Stream.of((Object[]) new ResourcePattern[]{new ResourcePattern("Topic", "billing-invoices", PatternType.LITERAL), new ResourcePattern("Topic", "payroll-texas", PatternType.LITERAL), new ResourcePattern("Topic", "investing-stocks", PatternType.LITERAL), new ResourcePattern("Topic", "investing-bonds", PatternType.LITERAL)}).collect(Collectors.toSet()));
        rbacClusters2.assignRole("User", "special_developer", "DeveloperRead", EXTERNAL_SR_CLUSTER_SCOPE, Collections.singleton(new ResourcePattern("Subject", "*", PatternType.LITERAL)));
        rbacClusters2.assignRole("User", "investing_special_developer", "DeveloperRead", EXTERNAL_KAFKA_CLUSTER_SCOPE, (Set) Stream.of(new ResourcePattern("Topic", "billing-invoices", PatternType.LITERAL)).collect(Collectors.toSet()));
        rbacClusters2.assignRole("User", "investing_special_developer", "DeveloperRead", EXTERNAL_KSQL_CLUSTER_SCOPE, Collections.singleton(new ResourcePattern("KsqlCluster", "*", PatternType.LITERAL)));
        rbacClusters2.assignRole("User", "investing_special_developer", "DeveloperRead", EXTERNAL_SR_CLUSTER_SCOPE, Collections.singleton(new ResourcePattern("Subject", "*", PatternType.LITERAL)));
        return build;
    }

    private void verifyLookupReturnedPrincipalNames(Call<List<String>> call, Set<String> set) throws Exception {
        Response execute = call.execute();
        Assert.assertEquals(execute.code(), 200);
        Assert.assertEquals(new HashSet((List) execute.body()), set);
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object[], java.lang.Object[][]] */
    @DataProvider(parallel = true)
    public static Object[][] noResourceLookups() {
        return new Object[]{new Object[]{"UserAdmin", Utils.mkSet(new String[]{userPrincipalName("administrator")})}, new Object[]{"DeveloperWrite", Utils.mkSet(new Object[0])}, new Object[]{"DeveloperRead", Utils.mkSet(new String[]{userPrincipalName("special_developer"), userPrincipalName("investing_special_developer"), groupPrincipalName("payroll_devs"), groupPrincipalName("investing_devs")})}};
    }

    @Test(dataProvider = "noResourceLookups")
    public void test_noResourceLookups(String str, Set<String> set) throws Exception {
        verifyLookupReturnedPrincipalNames(userAdminRbacRestApi.getPrincipalsWithRole(str, new MdsScope(EXTERNAL_KAFKA_CLUSTER_SCOPE)), set);
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object[], java.lang.Object[][]] */
    @DataProvider(parallel = true)
    public static Object[][] topicLookups() {
        return new Object[]{new Object[]{"DeveloperRead", "billing-invoices", Utils.mkSet(new String[]{userPrincipalName("special_developer"), userPrincipalName("investing_special_developer")})}, new Object[]{"DeveloperRead", "investing-gold", Utils.mkSet(new String[]{groupPrincipalName("investing_devs")})}, new Object[]{"DeveloperRead", "investing-stocks", Utils.mkSet(new String[]{userPrincipalName("special_developer"), groupPrincipalName("investing_devs")})}, new Object[]{"DeveloperRead", "investing-", Utils.mkSet(new String[]{groupPrincipalName("investing_devs")})}, new Object[]{"DeveloperRead", "investing", Utils.mkSet(new Object[0])}, new Object[]{"ResourceOwner", "billing-paid", Utils.mkSet(new String[]{userPrincipalName("administrator"), groupPrincipalName("admins"), userPrincipalName(USER_BILLING_RESOURCE_OWNER)})}, new Object[]{"DeveloperRead", "billing-paid", Utils.mkSet(new Object[0])}};
    }

    @Test(dataProvider = "topicLookups")
    public void test_topicLookups(String str, String str2, Set<String> set) throws Exception {
        verifyLookupReturnedPrincipalNames(userAdminRbacRestApi.getPrincipalsWithRoleOnResource(str, "Topic", str2, new MdsScope(EXTERNAL_KAFKA_CLUSTER_SCOPE)), set);
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object[], java.lang.Object[][]] */
    @DataProvider(parallel = true)
    public static Object[][] resourcesForPrincipal() {
        return new Object[]{new Object[]{"investing_payroll_developer", Utils.mkSet(new String[]{groupPrincipalName("payroll_devs"), groupPrincipalName("investing_devs")}), 2}, new Object[]{"special_developer", Utils.mkSet(new String[]{userPrincipalName("special_developer")}), 4}, new Object[]{"investing_special_developer", Utils.mkSet(new String[]{userPrincipalName("investing_special_developer"), groupPrincipalName("investing_devs")}), 2}};
    }

    @Test(dataProvider = "resourcesForPrincipal")
    public void test_getResourcesForPrincipal(String str, Set<String> set, Integer num) throws Exception {
        Response execute = userAdminRbacRestApi.getResourcesForPrincipal(userPrincipalName(str), new MdsScope(EXTERNAL_KAFKA_CLUSTER_SCOPE)).execute();
        Assert.assertEquals(execute.code(), 200);
        Map map = (Map) execute.body();
        Assert.assertEquals(map.keySet(), set);
        for (String str2 : map.keySet()) {
            for (String str3 : (List) userAdminRbacRestApi.getRoleNamesForPrincipal(str2, new MdsScope(EXTERNAL_KAFKA_CLUSTER_SCOPE)).execute().body()) {
                Assert.assertEquals((Collection) ((Map) map.get(str2)).get(str3), (List) userAdminRbacRestApi.getRoleResourcesForPrincipal(str2, str3, new MdsScope(EXTERNAL_KAFKA_CLUSTER_SCOPE)).execute().body());
            }
        }
        Assert.assertEquals(map.values().stream().mapToInt(map2 -> {
            return map2.values().stream().mapToInt((v0) -> {
                return v0.size();
            }).sum();
        }).sum(), num.longValue());
    }

    /* JADX WARN: Multi-variable type inference failed */
    @DataProvider(parallel = true)
    public static Object[][] allowedLookupRolebindingsForAllKnownClusters() {
        Object[] objArr = {new Object[]{"investing_developer", "investing_developer", ImmutableMap.of(EXTERNAL_KSQL_CLUSTER_SCOPE, Utils.mkSet(new String[]{groupPrincipalName("investing_devs")}), EXTERNAL_KAFKA_CLUSTER_SCOPE, Utils.mkSet(new String[]{groupPrincipalName("investing_devs")}))}, new Object[]{"payroll_developer", "payroll_developer", ImmutableMap.of(EXTERNAL_CONNECT_CLUSTER_SCOPE, Utils.mkSet(new String[]{groupPrincipalName("payroll_devs")}), EXTERNAL_KAFKA_CLUSTER_SCOPE, Utils.mkSet(new String[]{groupPrincipalName("payroll_devs")}))}, new Object[]{"special_developer", "special_developer", ImmutableMap.of(EXTERNAL_SR_CLUSTER_SCOPE, Utils.mkSet(new String[]{userPrincipalName("special_developer")}), EXTERNAL_KAFKA_CLUSTER_SCOPE, Utils.mkSet(new String[]{userPrincipalName("special_developer")}))}, new Object[]{"investing_special_developer", "investing_special_developer", ImmutableMap.of(EXTERNAL_KSQL_CLUSTER_SCOPE, Utils.mkSet(new String[]{userPrincipalName("investing_special_developer"), groupPrincipalName("investing_devs")}), EXTERNAL_SR_CLUSTER_SCOPE, Utils.mkSet(new String[]{userPrincipalName("investing_special_developer")}), EXTERNAL_KAFKA_CLUSTER_SCOPE, Utils.mkSet(new String[]{userPrincipalName("investing_special_developer"), groupPrincipalName("investing_devs")}))}, new Object[]{USER_NO_ROLE, USER_NO_ROLE, Collections.emptyMap()}};
        List list = (List) Arrays.stream(objArr).collect(Collectors.toList());
        for (Object[] objArr2 : objArr) {
            for (String str : new String[]{"kafka", USER_MDS_ADMINISTRATOR}) {
                Object[] copyOf = Arrays.copyOf(objArr2, objArr2.length);
                copyOf[0] = str;
                list.add(copyOf);
            }
        }
        return (Object[][]) list.toArray(new Object[0]);
    }

    @Test(dataProvider = "allowedLookupRolebindingsForAllKnownClusters")
    public void test_allowedLookupRolebindingsForAllKnownClusters(String str, String str2, Map<Scope, Set<String>> map) throws Exception {
        Response execute = V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, actualMdsPort, str, str).rolebindingsForKnownClusters(userPrincipalName(str2), null).execute();
        Assert.assertEquals(execute.code(), 200);
        List<ScopeRoleBindingMapping> list = (List) execute.body();
        HashSet hashSet = new HashSet(map.keySet());
        Assert.assertEquals(list.size(), hashSet.size());
        for (ScopeRoleBindingMapping scopeRoleBindingMapping : list) {
            Scope scope = scopeRoleBindingMapping.scope().scope();
            Assert.assertTrue(hashSet.contains(scope), String.format("Returned %s scope not expected for '%s' principal", scope, str));
            Assert.assertEquals(scopeRoleBindingMapping.rolebindings().keySet(), map.get(scope));
        }
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object[], java.lang.Object[][]] */
    @DataProvider(parallel = true)
    public static Object[][] deniedLookupRolebindingsForAllKnownClusters() {
        return new Object[]{new Object[]{"investing_developer", "payroll_developer"}, new Object[]{"administrator_in_group", "payroll_developer"}, new Object[]{USER_SR_ADMINISTRATOR, "investing_special_developer"}, new Object[]{USER_NO_ROLE, "payroll_developer"}};
    }

    @Test(dataProvider = "deniedLookupRolebindingsForAllKnownClusters")
    public void test_deniedLookupRolebindingsForAllKnownClusters(String str, String str2) throws Exception {
        Assert.assertEquals(V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, actualMdsPort, str, str).rolebindingsForKnownClusters(userPrincipalName(str2), null).execute().code(), 403);
    }

    /* JADX WARN: Multi-variable type inference failed */
    @DataProvider(parallel = true)
    public static Object[][] positiveRolebindingsForSpecificClusterType() {
        Object[] objArr = {new Object[]{"investing_developer", "investing_developer", ClusterType.KSQL_CLUSTER, ImmutableSet.of(EXTERNAL_KSQL_CLUSTER_SCOPE)}, new Object[]{"payroll_developer", "payroll_developer", ClusterType.CONNECT_CLUSTER, ImmutableSet.of(EXTERNAL_CONNECT_CLUSTER_SCOPE)}, new Object[]{"special_developer", "special_developer", ClusterType.SCHEMA_REGISTRY_CLUSTER, ImmutableSet.of(EXTERNAL_SR_CLUSTER_SCOPE)}, new Object[]{"investing_special_developer", "investing_special_developer", ClusterType.KAFKA_CLUSTER, ImmutableSet.of(EXTERNAL_KAFKA_CLUSTER_SCOPE)}, new Object[]{USER_NO_ROLE, USER_NO_ROLE, ClusterType.KAFKA_CLUSTER, Collections.emptySet()}};
        List list = (List) Arrays.stream(objArr).collect(Collectors.toList());
        for (Object[] objArr2 : objArr) {
            for (String str : new String[]{"kafka", USER_MDS_ADMINISTRATOR}) {
                Object[] copyOf = Arrays.copyOf(objArr2, objArr2.length);
                copyOf[0] = str;
                list.add(copyOf);
            }
        }
        return (Object[][]) list.toArray(new Object[0]);
    }

    @Test(dataProvider = "positiveRolebindingsForSpecificClusterType")
    public void test_rolebindingsForSpecificClusterType(String str, String str2, ClusterType clusterType, Set<Scope> set) throws Exception {
        Response execute = V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, actualMdsPort, str, str).rolebindingsForKnownClusters(userPrincipalName(str2), clusterType).execute();
        Assert.assertEquals(execute.code(), 200);
        List list = (List) execute.body();
        Assert.assertEquals(list.size(), set.size());
        Iterator it = list.iterator();
        while (it.hasNext()) {
            Scope scope = ((ScopeRoleBindingMapping) it.next()).scope().scope();
            Assert.assertTrue(set.contains(scope), String.format("Returned %s scope not expected for '%s' principal", scope, str));
        }
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object[], java.lang.Object[][]] */
    @DataProvider(parallel = true)
    public static Object[][] allowedRolebindingsForFullyQualifiedCluster() {
        return new Object[]{new Object[]{"investing_developer", "investing_developer", EXTERNAL_KSQL_CLUSTER_SCOPE, EXTERNAL_KSQL_CLUSTER_SCOPE, Utils.mkSet(new String[]{groupPrincipalName("investing_devs")})}, new Object[]{"payroll_developer", "payroll_developer", EXTERNAL_CONNECT_CLUSTER_SCOPE, EXTERNAL_CONNECT_CLUSTER_SCOPE, Utils.mkSet(new String[]{groupPrincipalName("payroll_devs")})}, new Object[]{"special_developer", "special_developer", EXTERNAL_SR_CLUSTER_SCOPE, EXTERNAL_SR_CLUSTER_SCOPE, Utils.mkSet(new String[]{userPrincipalName("special_developer")})}, new Object[]{"investing_special_developer", "investing_special_developer", EXTERNAL_KAFKA_CLUSTER_SCOPE, EXTERNAL_KAFKA_CLUSTER_SCOPE, Utils.mkSet(new String[]{groupPrincipalName("investing_devs"), userPrincipalName("investing_special_developer")})}, new Object[]{USER_SECURITY_ADMIN, USER_SECURITY_ADMIN, EXTERNAL_KAFKA_CLUSTER_SCOPE, EXTERNAL_KAFKA_CLUSTER_SCOPE, Utils.mkSet(new String[]{userPrincipalName(USER_SECURITY_ADMIN)})}, new Object[]{USER_NO_ROLE, USER_NO_ROLE, EXTERNAL_KAFKA_CLUSTER_SCOPE, new Scope.Builder(new String[0]).build(), Collections.emptySet()}, new Object[]{"kafka", "investing_developer", EXTERNAL_KSQL_CLUSTER_SCOPE, EXTERNAL_KSQL_CLUSTER_SCOPE, Utils.mkSet(new String[]{groupPrincipalName("investing_devs")})}, new Object[]{USER_SECURITY_ADMIN, "administrator", EXTERNAL_KAFKA_CLUSTER_SCOPE, EXTERNAL_KAFKA_CLUSTER_SCOPE, Utils.mkSet(new String[]{userPrincipalName("administrator")})}, new Object[]{"kafka", USER_NO_ROLE, EXTERNAL_KSQL_CLUSTER_SCOPE, new Scope.Builder(new String[0]).build(), Collections.emptySet()}, new Object[]{USER_SR_ADMINISTRATOR, "investing_special_developer", EXTERNAL_SR_CLUSTER_SCOPE, EXTERNAL_SR_CLUSTER_SCOPE, Utils.mkSet(new String[]{userPrincipalName("investing_special_developer")})}, new Object[]{USER_SR_ADMINISTRATOR, "payroll_developer", EXTERNAL_SR_CLUSTER_SCOPE, new Scope.Builder(new String[0]).build(), Collections.emptySet()}};
    }

    @Test(dataProvider = "allowedRolebindingsForFullyQualifiedCluster")
    public void test_allowedRolebindingsForFullyQualifiedCluster(String str, String str2, Scope scope, Scope scope2, Set<String> set) throws Exception {
        Response execute = V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, actualMdsPort, str, str).rolebindingsForFullyQualifiedCluster(userPrincipalName(str2), new MdsScope(scope)).execute();
        Assert.assertEquals(execute.code(), 200);
        ScopeRoleBindingMapping scopeRoleBindingMapping = (ScopeRoleBindingMapping) execute.body();
        Assert.assertEquals(scopeRoleBindingMapping.scope().scope(), scope2);
        Assert.assertEquals(scopeRoleBindingMapping.rolebindings().keySet(), set);
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object[], java.lang.Object[][]] */
    @DataProvider(parallel = true)
    public static Object[][] deniedChecksRolebindingsForFullyQualifiedCluster() {
        return new Object[]{new Object[]{USER_NO_ROLE, "payroll_developer", EXTERNAL_CONNECT_CLUSTER_SCOPE}, new Object[]{"investing_developer", "payroll_developer", EXTERNAL_CONNECT_CLUSTER_SCOPE}, new Object[]{USER_MDS_ADMINISTRATOR, "investing_developer", EXTERNAL_KSQL_CLUSTER_SCOPE}, new Object[]{USER_SR_ADMINISTRATOR, "investing_special_developer", EXTERNAL_CONNECT_CLUSTER_SCOPE}};
    }

    @Test(dataProvider = "deniedChecksRolebindingsForFullyQualifiedCluster")
    public void test_deniedChecksRolebindingsForFullyQualifiedCluster(String str, String str2, Scope scope) throws Exception {
        Assert.assertEquals(V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, actualMdsPort, str, str).rolebindingsForFullyQualifiedCluster(userPrincipalName(str2), new MdsScope(scope)).execute().code(), 403);
    }

    @Test(dataProvider = "resourcesForPrincipal")
    public void test_getResourcesForSelf(String str, Set<String> set, Integer num) throws Exception {
        Response execute = V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, actualMdsPort, str, str).getResourcesForPrincipal(userPrincipalName(str), new MdsScope(EXTERNAL_KAFKA_CLUSTER_SCOPE)).execute();
        Assert.assertEquals(200, execute.code());
        Map map = (Map) execute.body();
        Assert.assertEquals(map.keySet(), set);
        for (String str2 : map.keySet()) {
            for (String str3 : (List) userAdminRbacRestApi.getRoleNamesForPrincipal(str2, new MdsScope(EXTERNAL_KAFKA_CLUSTER_SCOPE)).execute().body()) {
                Assert.assertEquals((Collection) ((Map) map.get(str2)).get(str3), (List) userAdminRbacRestApi.getRoleResourcesForPrincipal(str2, str3, new MdsScope(EXTERNAL_KAFKA_CLUSTER_SCOPE)).execute().body());
            }
        }
        Assert.assertEquals(map.values().stream().mapToInt(map2 -> {
            return map2.values().stream().mapToInt((v0) -> {
                return v0.size();
            }).sum();
        }).sum(), num.longValue());
    }

    @Test(dataProvider = "resourcesForPrincipal")
    public void test_getResourcesForOthersBlocked(String str, Set<String> set, Integer num) throws Exception {
        Assert.assertEquals(V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, actualMdsPort, "payroll_developer", "payroll_developer").getResourcesForPrincipal(userPrincipalName(str), new MdsScope(EXTERNAL_KAFKA_CLUSTER_SCOPE)).execute().code(), 403);
    }

    @Test
    public void test_getResourcesForGroupBlocked() throws Exception {
        Assert.assertEquals(V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, actualMdsPort, "payroll_developer", "payroll_developer").getResourcesForPrincipal("Group:payroll_devs", new MdsScope(EXTERNAL_KAFKA_CLUSTER_SCOPE)).execute().code(), 403);
    }

    @Test
    public void test_getResourcesForGroupAllowedForAdmin() throws Exception {
        Response execute = V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, actualMdsPort, "administrator", "administrator").getResourcesForPrincipal("Group:payroll_devs", new MdsScope(EXTERNAL_KAFKA_CLUSTER_SCOPE)).execute();
        Assert.assertEquals(execute.code(), 200);
        Assert.assertEquals(execute.body(), ImmutableMap.of("Group:payroll_devs", ImmutableMap.of("DeveloperRead", ImmutableList.of(new ResourcePattern("Topic", "payroll-", PatternType.PREFIXED)))));
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object[], java.lang.Object[][]] */
    @DataProvider(parallel = true)
    public static Object[][] allowedTopicLookups() {
        return new Object[]{new Object[]{USER_INVESTING_RESOURCE_OWNER, "DeveloperRead", "investing-stocks", Utils.mkSet(new String[]{userPrincipalName("special_developer"), groupPrincipalName("investing_devs")})}, new Object[]{USER_INVESTING_RESOURCE_OWNER, "DeveloperRead", "investing-", Utils.mkSet(new String[]{groupPrincipalName("investing_devs")})}, new Object[]{USER_BILLING_RESOURCE_OWNER, "ResourceOwner", "billing-paid", Utils.mkSet(new String[]{userPrincipalName("administrator"), groupPrincipalName("admins"), userPrincipalName(USER_BILLING_RESOURCE_OWNER)})}, new Object[]{USER_BILLING_RESOURCE_OWNER, "DeveloperRead", "billing-paid", Utils.mkSet(new Object[0])}, new Object[]{"administrator_in_group", "DeveloperRead", "investing-stocks", Utils.mkSet(new String[]{userPrincipalName("special_developer"), groupPrincipalName("investing_devs")})}};
    }

    @Test(dataProvider = "allowedTopicLookups")
    public void test_allowedTopicLookups(String str, String str2, String str3, Set<String> set) throws Exception {
        verifyLookupReturnedPrincipalNames(V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, actualMdsPort, str, str).getPrincipalsWithRoleOnResource(str2, "Topic", str3, new MdsScope(EXTERNAL_KAFKA_CLUSTER_SCOPE)), set);
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object[], java.lang.Object[][]] */
    @DataProvider(parallel = true)
    public static Object[][] deniedTopicLookups() {
        return new Object[]{new Object[]{USER_INVESTING_RESOURCE_OWNER, "DeveloperRead", "billing-paid"}, new Object[]{USER_INVESTING_RESOURCE_OWNER, "DeveloperRead", "billing-"}, new Object[]{USER_INVESTING_RESOURCE_OWNER, "DeveloperRead", "investing"}, new Object[]{USER_BILLING_RESOURCE_OWNER, "ResourceOwner", "investing-"}, new Object[]{USER_BILLING_RESOURCE_OWNER, "ResourceOwner", "investing-stocks"}, new Object[]{"special_developer", "ResourceOwner", "billing-invoices"}, new Object[]{"special_developer", "DeveloperRead", "billing-invoices"}};
    }

    @Test(dataProvider = "deniedTopicLookups")
    public void test_deniedTopicLookups(String str, String str2, String str3) throws Exception {
        Assert.assertEquals(V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, actualMdsPort, str, str).getPrincipalsWithRoleOnResource(str2, "Topic", str3, new MdsScope(EXTERNAL_KAFKA_CLUSTER_SCOPE)).execute().code(), 403);
    }
}
